1. INTRODUCTION.


In this paper we show that the unquantified theory of sets in the language $\emptyset$ (empty set), $=$ (equality), $\in$ (membership), $\cup$ (union), $\setminus$ (set difference) and pow (powerset) is decidable. The more restricted theory obtained by dropping the powerset operator was considered in [FOS 80]. The case in which at most two occurrences of the powerset operator are allowed was solved in [BF 84]. We use techniques and ideas recently developed in [CFS 84], [F 84], and [CFMS 84].

2. PRELIMINARIES.

We consider the theory MLS [see FOS 80] which is the set of formulas built using the Boolean connectives (conjunction, disjunction, implication and negation) from set theoretic atoms of the following types:

(2.1)  $x = y \cup z$,  $x = y \setminus z$,  $x \in y$,  $x = \emptyset$.

In [FOS 80] an algorithm which decides satisfiability of any formula P of MLS is described. We summarize the method in the following way. We can assume without loss of generality that P is simply a conjunction of clauses of types (2.1) and clauses of the form $x \notin y$.

Definition 2.1. A place $\alpha$ of P is a 0/1-valued function defined on the set of all variables in P such that $\alpha(x) = \alpha(y) \vee \alpha(z)$ (resp. $\alpha(x) = \alpha(y) \,\&\, \neg\alpha(z)$) if $x = y \cup z$ (resp. $x = y \setminus z$) belongs to P, and such that $\alpha(x) = 0$ if $x = \emptyset$ appears in P. Given a variable x, the place $\alpha$ is said to be a place of P at x if $\alpha(y) = 1$ (resp. $\alpha(y) = 0$) whenever $x \in y$ (resp. $x \notin y$) appears in P.

The set $\Pi$ of all possible places of P is finite and easily calculated. On the other hand any model M of P defines a set $\Pi_M$ of places of P in the following way. Let p be any element of some Mx for some variable x in P; then the function defined by

(2.2)  $\alpha(y) = \begin{cases} 1 & \text{if } p \in My \\ 0 & \text{if } p \notin My \end{cases}$

is clearly a place, and for each variable z we obtain a place $\alpha$ which is a place at z, by taking p = Mz. Notice also that the places of $\Pi_M$ can equivalently be defined as those places $\alpha$ of P for which the set

(2.3)  $\sigma_\alpha = \{p \mid p \in Mx \Leftrightarrow \alpha(x) = 1 \text{ for all variables } x\}$

is nonempty. We observe that the following properties hold:

(2.4)  $Mx = \bigcup_{\alpha(x)=1} \sigma_\alpha$ for each variable x;

(2.5)  the sets $\sigma_\alpha$ are nonempty and pairwise disjoint.

Moreover with each variable x there is associated a place $\alpha_x$ such that:

(2.6)  $Mx \in \sigma_{\alpha_x}$.

We note also that two variables x, y are such that Mx = My if and only if $\alpha(x) = \alpha(y)$ for every $\alpha \in \Pi_M$. We express this fact by saying that x and y are $\Pi_M$-equivalent.

Finally, we observe that the variables can be ordered in such a way that

(2.7)  $\alpha_x(y) = 1 \Rightarrow x < y$.

The converse is established by the following theorem [FOS 80].

Theorem 2.2. If there exists a set $\Pi$ of places of P such that after identification of $\Pi$-equivalent variables it is possible to associate a place $\alpha_x \in \Pi$ at x for each x and to order variables in such a way that condition (2.7) is satisfied then P has a model. Moreover a model M of P can be defined by (2.4) provided that sets $\sigma_\alpha$ satisfying (2.5) and (2.6) have been chosen.
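
The satisfiability test summarized in this section, as an added Python example (not code from the paper): it enumerates the places of P per Definition 2.1, identifies equivalent variables, and searches for the places at x and the ordering (2.7) that Theorem 2.2 asks for. The tuple encoding of clauses, the function names, and the choice of Π as the set of all places of P are assumptions of this example.

```python
from itertools import product

# Constructed clause encoding (an assumption of this example, not the paper's):
#   ("union", x, y, z)  x = y ∪ z      ("diff", x, y, z)  x = y \ z
#   ("empty", x)        x = ∅          ("in", x, y)       x ∈ y
#   ("notin", x, y)     x ∉ y

def variables(P):
    return sorted({v for clause in P for v in clause[1:]})

def is_place(a, P):
    """Definition 2.1: a respects every union, difference and empty-set clause."""
    for kind, *args in P:
        if kind == "union":
            x, y, z = args
            if a[x] != (a[y] | a[z]):
                return False
        elif kind == "diff":
            x, y, z = args
            if a[x] != (a[y] & (1 - a[z])):
                return False
        elif kind == "empty":
            if a[args[0]] != 0:
                return False
    return True

def all_places(P):
    vs = variables(P)
    cands = (dict(zip(vs, bits)) for bits in product((0, 1), repeat=len(vs)))
    return [a for a in cands if is_place(a, P)]

def is_place_at(a, x, P):
    """a is a place at x: a(y) = 1 for each x ∈ y and a(y) = 0 for each x ∉ y."""
    for kind, *args in P:
        if kind == "in" and args[0] == x and a[args[1]] != 1:
            return False
        if kind == "notin" and args[0] == x and a[args[1]] != 0:
            return False
    return True

def mls_witness(P):
    """Return a witness for the hypotheses of Theorem 2.2, or None.

    Pi is taken to be the set of all places of P. This is a choice made by
    this example: a larger Pi identifies fewer variables, which only weakens
    the conditions a witness has to meet.
    """
    Pi = all_places(P)
    # Identify Pi-equivalent variables: same value under every place in Pi.
    groups = {}
    for v in variables(P):
        groups.setdefault(tuple(a[v] for a in Pi), []).append(v)
    remaining = [tuple(g) for g in groups.values()]
    order, place_at = [], {}
    # Build the ordering from the top down. A class can be the largest of the
    # remaining ones iff some place at (all members of) that class is 0 on
    # every remaining class, itself included; that is condition (2.7) read
    # for the last element. Any such choice is safe, because moving a class
    # to the end only removes predecessors from the others.
    while remaining:
        for cls in remaining:
            fits = [a for a in Pi
                    if all(is_place_at(a, x, P) for x in cls)
                    and all(a[d[0]] == 0 for d in remaining)]
            if fits:
                break
        else:
            return None          # no admissible place/ordering exists
        place_at[cls] = fits[0]
        order.insert(0, cls)
        remaining.remove(cls)
    return {"places": Pi, "order": order, "place_at": place_at}

if __name__ == "__main__":
    # Constructed sample inputs.
    samples = {
        "x = y \\ z, w ∈ x, w ∉ z": [("diff", "x", "y", "z"), ("in", "w", "x"), ("notin", "w", "z")],
        "x = y ∪ z, w ∈ y, w ∉ x": [("union", "x", "y", "z"), ("in", "w", "y"), ("notin", "w", "x")],
        "x ∈ y, y ∈ x": [("in", "x", "y"), ("in", "y", "x")],
    }
    for text, P in samples.items():
        w = mls_witness(P)
        print(text, "->", "no witness" if w is None else f"order {w['order']}")
```

The enumeration of places is exponential in the number of variables, so this is meant for reading the definitions against small conjunctions, not as an efficient procedure.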


3. THE MAIN RESULT.

We will present an algorithm which decides satisfiability of any conjunction P of clauses of types (2.1), plus clauses of the form $x \notin y$, plus additional clauses of the following form:

(3.1)  $p_i = \mathrm{pow}(q_i)$,  i = 1, 2, ..., k.

It proves convenient to assume also, without loss of generality, that clauses

(3.2)  $q_0 = \emptyset$  &  $p_0 = \mathrm{pow}(q_0)$  &  $q_0 \in p_0$

are present in P. Note that in the presence of these clauses it follows that $\sigma_{\alpha_0} = \{\emptyset\}$ (for any model M of all our clauses, and for $\sigma_{\alpha_0}$ defined by (2.3)), where by $\alpha_0$ we designate the place $\alpha_{q_0}$.

To begin the analysis necessary to justify the algorithm to be presented, let $\Pi$ be a set of places of (the MLS sentences of) P, and assume that variables which are necessarily $\Pi$-equivalent in consequence of the clauses of P other than those of powerset form have been identified.

Definition 3.1. (a) For any sets $s_1,\dots,s_\ell$ let $\mathrm{pow}^*(s_1,\dots,s_\ell)$ denote the collection of all nonnull elements of $\mathrm{pow}(s_1 \cup \dots \cup s_\ell)$

(b) A non-empty set $\{\alpha_1,\dots,\alpha_\ell\}$ of places is called a P-node if there is a powerset clause $p_i = \mathrm{pow}(q_i)$ such that $\alpha_j(q_i) = 1$ for all j

(c) Let A be a P-node. A place $\beta$ is called a target of A if for every powerset clause $p_i = \mathrm{pow}(q_i)$ we have $\beta(p_i) = 1$ if and only if $\alpha(q_i) = 1$ for all $\alpha \in A$, in which case we write $A \to \beta$, and call the relationship $A \to \beta$ a P-edge.

(d) A place $\beta$ is called initial if it is not the target of any P-node A.

The following very simple lemma follows easily from Definition 3.1a above.

Lemma 3.2. If $s_1,\dots,s_\ell$ and $t_1,\dots,t_m$ is a collection of nonempty sets which are pairwise disjoint if not identical then

$\mathrm{pow}^*(s_1,\dots,s_\ell) \cap \mathrm{pow}^*(t_1,\dots,t_m) \ne \emptyset \iff \{s_1,\dots,s_\ell\} = \{t_1,\dots,t_m\}$.

Remark. Note, in clarification of the argument which follows, that if a model M of P exists and $\{\alpha_1,\dots,\alpha_\ell\}$ is a P-node, then the 'syntactic' relationship $\{\alpha_1,\dots,\alpha_\ell\} \to \beta$ is implied by the 'semantic' relationship $\mathrm{pow}^*(\sigma_{\alpha_1},\dots,\sigma_{\alpha_\ell}) \cap \sigma_\beta \ne \emptyset$. Indeed, let $s \in \mathrm{pow}^*(\sigma_{\alpha_1},\dots,\sigma_{\alpha_\ell}) \cap \sigma_\beta$. Then $s = \bigcup_{1 \le i \le \ell} (s \cap \sigma_{\alpha_i})$, and all the


$\mathrm{pow}(q_j)$ we have

$\beta(p_j) = 1 \iff s \in Mp_j \iff s \in \mathrm{pow}(Mq_j)$

$\iff s \cap \sigma_{\alpha_i} \subseteq Mq_j$ for all $i = 1,\dots,\ell$

$\iff \alpha_i(q_j) = 1$ for all i

implying $\{\alpha_1,\dots,\alpha_\ell\} \to \beta$.

The reader will find the course of the argument which follows clearer if the fact that $\{\alpha_1,\dots,\alpha_\ell\} \to \beta$ is intended as a syntactic representation for the underlying semantic relationship $\mathrm{pow}^*(\sigma_{\alpha_1},\dots,\sigma_{\alpha_\ell}) \cap \sigma_\beta \ne \emptyset$ is borne in mind.

Let M be a model of P and let $\Pi = \Pi_M$ be the set of places associated with M in the manner described in the preceding section. We shall show that the six decidable conditions given below all hold, and conversely we shall show that all these conditions imply the existence of a map $\alpha \to \bar\alpha$ from places to non-empty sets such that the assignment defined by $x \to \bigcup_{\alpha(x)=1} \bar\alpha$ models all conjuncts in P of type $x = y \cup z$, $x = y \setminus z$, $x = \emptyset$, and $x \notin y$. However, this assignment will only satisfy 'approximate' powerset clauses; more specifically, it will satisfy $\bigcup_{\alpha(p_j)=1} \bar\alpha \subseteq \mathrm{pow}(\bigcup_{\alpha(q_j)=1} \bar\alpha)$ for any clause $p_j = \mathrm{pow}(q_j)$ in P. However once this point is reached it will follow that the sets $\bar\alpha$ can be enlarged in such a way as to satisfy the powerset and membership clauses also, i.e. those of type $x \in y$ and p = pow(q). This will show that a model of P can be constructed, thus proving that the decidable conditions that we now proceed to list are necessary and sufficient for satisfiability.


CONDITION C1. For every variable x there exists an $\alpha_x \in \Pi$ which is a place of P at x, so that $\alpha_x(y) = 1$ (resp. $\alpha_x(y) = 0$) if the clause $x \in y$ (resp. $x \notin y$) appears in P.

CONDITION C2. There is an ordering of variables such that $q_0$ is the minimum variable and such that

$\alpha_x(y) = 1 \Rightarrow x < y$.

CONDITION C3. The place $\alpha_{q_0}$, which we also denote as $\alpha_0$, is an initial place.

CONDITION C4. For every variable x and every j = 0, 1, ..., k we have


CONDITION C5. The P-edges $A \to \alpha$ can be marked in such a way that:

(a) for every P-node $A = \{\alpha_1,\dots,\alpha_\ell\}$ there is one and only one marked edge $A \to \alpha$. (If the edge $A \to \alpha$ is marked, $\alpha$ will be called the principal target of A.)

(b) Let x be any variable appearing in P. If $\{\alpha_1,\dots,\alpha_\ell\} = \{\beta \in \Pi \mid \beta(x) = 1\}$ is a P-node then there exists a P-edge $\{\alpha_1,\dots,\alpha_\ell\} \to \alpha_x$, and this edge is marked.

(c) There is an ordering < of places such that

(c1) If the P-edge $\{\alpha_1,\dots,\alpha_\ell\} \to \alpha$ is marked then $\alpha_i < \alpha$ for all $i = 1,\dots,\ell$.
(c2)  y  <  x  &  a^  *  e  =>  B(y)  =  0  . 

CONDITION C6. It is possible to define a mapping $\alpha \to \bar\alpha$ from the places $\alpha \in \Pi$ to sets $\bar\alpha$ satisfying the following conditions:

(a) Each $\bar\alpha$ is a finite nonempty set and every element of $\bar\alpha$ either has a finite rank or a rank which exceeds $\omega$, where $\omega$ designates the first infinite ordinal ($\omega$ is equivalent to the set {0, 1, ...} of all integers).

(b) $\bar\alpha \cap \bar\beta = \emptyset$ if $\alpha \ne \beta$.

(c) $\bigcup_{\alpha(p_j)=1} \bar\alpha \subseteq \mathrm{pow}(\bigcup_{\beta(q_j)=1} \bar\beta)$ for every clause of the form $p_j = \mathrm{pow}(q_j)$.

(d) If $\mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell) \cap \bar\alpha \ne \emptyset$ then there exists a P-edge $\{\alpha_1,\dots,\alpha_\ell\} \to \alpha$.

(e) If $\bar\alpha_1 \cup \dots \cup \bar\alpha_\ell \in \bar\alpha$ then the P-edge $\{\alpha_1,\dots,\alpha_\ell\} \to \alpha$ is marked.

(f) If s is a non-empty set of rank different from $\omega + 1$ such that $s \in \bar\alpha$ for some place $\alpha$, then there exists a P-edge $\{\alpha_1,\dots,\alpha_\ell\} \to \alpha$ such that $s \in \mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell)$.

Moreover, it must be possible to produce these sets by executing the following nondeterministic Initialization Algorithm, and, indeed, by executing STEP 2 of the algorithm at most n2"p times in some appropriate sequence, where n is the number of places in $\Pi$ and p is any integer such that l^^'^/n 2 P-

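Initialization Algorithm

STEP 1. Let $\alpha_0, \beta_1, \dots, \beta_r$ be the initial places of G and for i, j = 1, 2, ... let $\lambda_{ij}$ designate pairwise distinct doubleton sets of the form $\{r, \omega\}$, where r is a positive integer and $\omega = \{0, 1, 2, \dots\}$ is the infinite collection of all integers. (We


$\bar\alpha_0 \leftarrow \{\emptyset\}$;
$\bar\beta_i \leftarrow \{\lambda_{i1}, \lambda_{i2}, \dots, \lambda_{ip}\}$,  i = 1, 2, ..., r;
$\bar\alpha \leftarrow \emptyset$ for every $\alpha \in \Pi$, $\alpha$ not initial;
(where p is any integer such that 2f^~Vn > p).

STEP 2. Pick a P-node $A = \{\alpha_1,\dots,\alpha_\ell\}$ and let $\gamma_1,\dots,\gamma_m$ be the places for which there exists a P-edge $A \to \gamma_i$. Let $t_1, t_2, \dots, t_m$ be sets such that

$t_i \subseteq [\mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell)] \setminus \bigcup$

for all i = 1, ..., m, and enlarge $\bar\gamma_i$ by putting $\bar\gamma_i \leftarrow \bar\gamma_i \cup t_i$.

GOTO STEP 2 OR STOP.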

Remark 1. Note that as the algorithm executes, the sets $\bar\alpha$ increase steadily.

Remark 2. Notice that since the sets $\bar\alpha$ which can arise at each step of the Initialization Algorithm are finite it follows that condition (C6) is decidable. If we did not impose the condition that the sets appearing in (C6-a) through (C6-e) were produced by an a priori limited number of steps by the above Initialization Algorithm, this would no longer be the case.

As usual we will proceed by showing that satisfiability of the family of clauses defining P implies existence of a family of sets, orderings, etc. satisfying (C1)-(C6), and then conversely show that if (C1)-(C6) are satisfied then P has a model. That (C1)-(C5) are necessary for satisfiability is easy to see, and we treat this point first. Then, postponing discussion of the somewhat more intricate point (C6), we will prove that (C1)-(C6) are sufficient for satisfiability. Finally, we will return to a discussion of (C6), and prove that, like (C1)-(C5), it is necessary for satisfiability.

To see that (C1)-(C5) are necessary, again let M be a model of our set of clauses, define the set $\Pi = \Pi_M$ of all places of M as in the paragraph preceding (2.2), define the sets $\sigma_\alpha$ by (2.3), and define the place $\alpha_y$ at a variable y by (2.2). Then conditions (C1)-(C5) can be proved as follows:

Proof of (C1) and (C2): Conditions (C1) and (C2) follow just as in the simple MLS case described in the preceding section. The ordering of variables appearing in condition (C2) can be any linear ordering extending the acyclic relationship $x < y \iff \mathrm{rank}(Mx) < \mathrm{rank}(My)$.

Proof of (C3): Since $\alpha_0(p_0) = 1$, then if $\{\alpha_1,\dots,\alpha_\ell\} \to \alpha_0$ it follows that $\alpha_i(q_0) = 1$ for every $i = 1,\dots,\ell$. This is impossible by (3.2), since $Mq_0 = \emptyset$. It follows that $\alpha_0$ is initial.


in P. Then by (2.2) $\alpha_x(p_j) = 1 \iff Mx \in Mp_j \iff Mx \in \mathrm{pow}(Mq_j) \iff Mx \subseteq Mq_j \iff \sigma_\alpha \subseteq Mq_j$ for all $\sigma_\alpha \subseteq Mx$ $\iff \alpha(q_j) = 1$ for all $\alpha$ such that $\alpha(x) = 1$.

Proof of (C5): We define a marking of P-edges by marking a P-edge $\{\alpha_1,\dots,\alpha_\ell\} \to \alpha$ if and only if $\sigma_{\alpha_1} \cup \dots \cup \sigma_{\alpha_\ell} \in \sigma_\alpha$ (where $\sigma_\alpha$ is defined by (2.3)). Moreover we order variables and places by any ordering extending the order of ranks of the sets Mx and $\sigma_\alpha$ respectively. Let x be a variable and let $\{\beta_1,\dots,\beta_m\}$ be the set of all places $\beta$ such that $\beta(x) = 1$, so that $Mx = \bigcup_{1 \le i \le m} \sigma_{\beta_i}$. Let $p_j$ =


$\alpha_x(p_j) = 1 \iff Mx \in Mp_j \iff Mx \subseteq Mq_j \iff \sigma_{\beta_i} \subseteq Mq_j$ for all $1 \le i \le m$

$\iff \beta_i(q_j) = 1$ for all $1 \le i \le m$

proving that if $\{\beta_1,\dots,\beta_m\}$ is a P-node then there exists a P-edge $\{\beta_1,\dots,\beta_m\} \to \alpha_x$. It is also plain that with the specified choice of marking and ordering, condition (C5c) is satisfied.

We postpone discussion of (C6) to the next section, and go on immediately to show that satisfiability of (C1)-(C6) is sufficient for satisfiability of the initially given set P of clauses.

To this end, assume first of all that a set $\Pi$ of places of P has been found and that all variables which are $\Pi$-equivalent in virtue of the non-powerset clauses of P have been identified. Assume also that an ordering < of variables and an ordering < of places exist in such a way that conditions (C1)-(C6) are satisfied where P-edges are defined by Definition 3.1. Let $\{\bar\alpha \mid \alpha \in \Pi\}$ be a collection of sets satisfying conditions (C6a,b,c,d,e). Notice that if we put

(3.3)  $Mx = \bigcup_{\alpha(x)=1} \bar\alpha$

for every variable x then M defines a model of all literals of P not involving clauses of the form $x \in y$ or p = pow(q). In order to satisfy these additional literals, we apply the following 'filling' algorithm, whose steps (a) and (b) force the model M to satisfy the $\in$- and pow-clauses respectively.
'Filling' Algorithm

STEP (a) Process successive variables x in the ordering "<" of variables by putting

$Mx = \bigcup_{\alpha(x)=1} \bar\alpha$

and setting


As soon as the variable x has been processed apply the following

STEP  (b).  For  successive  places  a    v^  a^  in  the  ordering  <  of   places  a 
do: 
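If $A = \{\alpha_1,\dots,\alpha_\ell\} \to \alpha$ is marked then put

$\bar\alpha \leftarrow \bar\alpha \cup [\mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell) \setminus \bigcup_{A \to \beta} \bar\beta]$

IF unprocessed variables remain, go to Step (a);
otherwise STOP.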

Note   that  step  (b)  modifies  only  sets  a  for  which  a  ^  a   after  a 
has  been  modified  by  step  (a). 

LEMMA 3.3. The following properties hold at every step of the Filling Algorithm.

(3.4) Every $\bar\alpha$ is nonempty, finite and every element $t \in \bar\alpha$ has a rank which is either finite or which is greater than $\omega$.

(3.5) $\bar\alpha \cap \bar\beta = \emptyset$ whenever $\alpha \ne \beta$.

(3.6) $\bigcup_{\alpha(p_j)=1} \bar\alpha \subseteq \mathrm{pow}(\bigcup_{\beta(q_j)=1} \bar\beta)$ for every clause of the form $p_j = \mathrm{pow}(q_j)$.

(3.7) If $\mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell) \cap \bar\alpha \ne \emptyset$ and $\{\alpha_1,\dots,\alpha_\ell\}$ is a P-node, then there exists a P-edge $\{\alpha_1,\dots,\alpha_\ell\} \to \alpha$.

(3.8) (i) We have $Mx \in \bar\alpha_x$ for every variable x which has been processed in step (a).
(ii) For each variable x let $\beta_1,\dots,\beta_m$ be all the places $\beta$ such that $\beta(x) = 1$. Then $\bar\beta_1 \cup \dots \cup \bar\beta_m \in \bar\alpha \Rightarrow \alpha = \alpha_x$.

Proof: We proceed by induction on the number of steps executed. When the Filling Algorithm starts, conditions (3.4)-(3.7) hold by (C6a,b,c,d) respectively. Condition (3.8i) is vacuously satisfied since no variable has been processed yet. Condition (3.8ii) follows by (C6e) and (C5a,C5b).

Next we assume that conditions (3.4)-(3.8) hold up to execution of a step S of the Filling Algorithm and will show that they continue to hold after S is executed.

Proof of (3.4): Notice that any single step S of the Filling Algorithm modifies a set $\bar\alpha$ by adding to it either a singleton or a finite subset of $\mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell)$ for some places $\alpha_1,\dots,\alpha_\ell$. It follows by induction that $\bar\alpha$ will remain nonempty and finite after S is executed. Moreover by induction every element added to $\bar\alpha$ has a rank which is either finite or which is greater than $\omega$.

Proof of (3.5): We distinguish two cases:

Case (1): Assume that step S is step (a), performed relative to a variable x. It follows by the induction hypothesis (3.8ii) that if $Mx \in \bar\alpha$ before step S is executed then $\alpha = \alpha_x$. This shows that disjointness of the sets $\bar\alpha$ cannot be destroyed by executing such a step S.

Case (2): Assume that step S is a 'stabilization' step (b) relative to a marked P-edge $A = \{\alpha_1,\dots,\alpha_\ell\} \to \alpha$. Then step S performs the operation

$\bar\alpha \leftarrow \bar\alpha \cup [\mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell) \setminus \bigcup_{A \to \beta} \bar\beta]$.

If disjointness were disrupted by step S, then for some place $\gamma$ we would have $\bar\alpha \cap \bar\gamma \ne \emptyset$. But before step S is executed $\bar\alpha \cap \bar\gamma = \emptyset$, so that

(3.9)  $[\mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell) \setminus \bigcup_{A \to \beta} \bar\beta] \cap \bar\gamma \ne \emptyset$

must have been true at that time. Hence by the induction hypothesis (3.7) $\{\alpha_1,\dots,\alpha_\ell\} \to \gamma$ must be a P-edge, implying that $\bar\gamma \subseteq \bigcup_{A \to \beta} \bar\beta$, which contradicts (3.9).

Proof  of  (3.6):  Again  we  distinguish  two  cases: 

Case  (1):  Let  step  S  be  step  (a)  relative  to  a  variable  x.  If  oi^(p.) 

>    a(q. 

1   for   every   place    a   in   11.    This    implies    that 

$Mx \in \mathrm{pow}[\bigcup_{\beta(q_j)=1} \bar\beta]$, showing that property (3.6) cannot be spoiled by such a step S.

Case (2): Let step S be a stabilization step (b) relative to a marked P-edge $\{\alpha_1,\dots,\alpha_\ell\} \to \alpha$. If $\alpha(p_j) = 1$ then it follows by Definition 3.1 that $\{\alpha_1,\dots,\alpha_\ell\} \subseteq \{\beta \mid \beta(q_j) = 1\}$. Therefore only elements of $\mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell) \subseteq \mathrm{pow}(\bigcup_{\beta(q_j)=1} \bar\beta)$ are added to $\bar\alpha$ by step S, showing that (3.6) still holds after execution of such a step.
Proof of (3.7): Let $\{\alpha_1,\dots,\alpha_\ell\}$ be a P-node, and let $\bar\alpha \cap \mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell) \ne \emptyset$ just after step S is executed. Suppose first that $s \in \bar\alpha \cap \mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell)$ is an element newly introduced into $\bar\alpha$ by step S, and that S is a step (a) relative to some variable x, so that $s = \bar\beta_1 \cup \dots \cup \bar\beta_m \in \mathrm{pow}^*(\bar\beta_1,\dots,\bar\beta_m)$, where $\{\beta_1,\dots,\beta_m\}$ is the set of all places $\beta$ such that $\beta(x) = 1$; moreover, by (3.5) we have $\alpha = \alpha_x$. It follows by (3.5) and Lemma 3.2 that $\{\alpha_1,\dots,\alpha_\ell\} = \{\beta_1,\dots,\beta_m\}$. Therefore $\{\beta_1,\dots,\beta_m\}$ is a P-node and by (C5b) $\{\beta_1,\dots,\beta_m\} \to \alpha_x = \alpha$ is a (marked) P-edge, and hence there exists a P-edge $\{\alpha_1,\dots,\alpha_\ell\} \to \alpha$ also.

If on the other hand s is newly introduced into $\bar\alpha$ by a step S of type (b), then by definition of steps of this kind (see the Filling Algorithm) there exists a P-edge $\{\beta_1,\dots,\beta_m\} \to \alpha$ such that $s \in \mathrm{pow}^*(\bar\beta_1,\dots,\bar\beta_m)$. Again we have $\{\beta_1,\dots,\beta_m\} = \{\alpha_1,\dots,\alpha_\ell\}$ by (3.5) and Lemma 3.2, so that again there exists a P-edge $\{\alpha_1,\dots,\alpha_\ell\} \to \alpha$.

Next suppose that $s \in \bar\alpha \cap \mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell)$ is not introduced into $\bar\alpha$ by step S. Since $s \in \mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell) \subseteq \mathrm{pow}(\bar\alpha_1 \cup \dots \cup \bar\alpha_\ell)$, elements of s are also elements of some $\bar\alpha_i$, and hence by (3.4) s is either of finite rank, or has an element of rank greater than $\omega$, i.e. s has rank greater than $\omega + 1$. Since $s \in \mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell)$, s has a non-null

two assertions and (C6f) it follows that if s is present in $\bar\alpha$ even before the Filling Algorithm starts, then there exists a P-edge

holds even in the case in which s is introduced into $\bar\alpha$ by an earlier type (b) step $S_0$ of the Filling Algorithm. In both these cases it further follows by (3.5) and Lemma 3.2 that $\{\alpha_1,\dots,\alpha_\ell\} = \{\beta_1,\dots,\beta_m\}$ which proves that $\{\alpha_1,\dots,\alpha_\ell\} \to \alpha$ is a P-edge.

It only remains to consider the case in which s was added to $\bar\alpha$ by an earlier type (a) step $S_0$ involving a variable x. In this case, $s = \bar\beta_1 \cup \dots \cup \bar\beta_m$, where $\{\beta_1,\dots,\beta_m\}$ is the set of all $\beta$ such that $\beta(x) = 1$, and moreover $\alpha = \alpha_x$. By (3.5) and Lemma 2.2 $\{\beta_1,\dots,\beta_m\} = \{\alpha_1,\dots,\alpha_\ell\}$, so that $\{\beta_1,\dots,\beta_m\}$ is a P-node. Therefore by (C5b) $\{\beta_1,\dots,\beta_m\} \to \alpha_x = \alpha$ is a P-edge, i.e. $\{\alpha_1,\dots,\alpha_\ell\} \to \alpha$ is a P-edge, completing the proof of (3.7).

Proof  of  (3.8i): 


Case  (I):  If  the  step  S  is  a  stabilization  step  (b)  then  it  will  only 
modify  places  6  such  that  B  -j  a^  ,  where  x  is  the  variable 
most  recently  processed  in  step  (a).  By  (C5c2)  modification 
of  6  for  such  a  place  B  causes  no  change  in  any  My  for  any 
previously  processed  variable  y.  Thus  no  previously 
established  assertion  My  e  a   loses  its  validity. 

Case (2): If S is a step of type (a) relative to a variable x, then immediately after step S the variables y that have been processed are exactly those for which $y \le x$. But for all such variables y except x itself, $\alpha_x(y) = 0$ by condition (C2). Hence $My \in \bar\alpha_y$ remains t
$Mx \in \bar\alpha_x$ just after step S.

Proof of (3.8ii): Let $\{\beta_1,\dots,\beta_m\}$ be the set of all places $\beta$ such that $\beta(x) = 1$. Suppose that immediately after execution of step S we have

$\bar\beta_1 \cup \dots \cup \bar\beta_m \in \bar\alpha$

Case (1): Assume that $\bar\beta_1 \cup \dots \cup \bar\beta_m$ was put into $\bar\alpha$ by step S. We distinguish two subcases.

Case (1a). Let S be a step of type (a) relative to a variable z. Then $Mz = \bar\beta_1 \cup \dots \cup \bar\beta_m$ and $\alpha = \alpha_z$. It follows by (3.4) and (3.5) that for each place $\beta \in \Pi$ $\beta(z) = \beta(x)$, from which x = z and $\alpha = \alpha_x$ follow immediately.

Case (1b). Next let S be a stabilization step determined by a marked P-edge

$A = \{\alpha_1,\dots,\alpha_\ell\} \to \alpha$.

Then (see the definition of the Filling Algorithm) $\bar\beta_1 \cup \dots \cup \bar\beta_m \in \mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell)$, and since $\bar\beta_1 \cup \dots \cup \bar\beta_m \in \mathrm{pow}^*(\bar\beta_1,\dots,\bar\beta_m)$ it follows by (3.5) and Lemma 3.2 that $\{\alpha_1,\dots,\alpha_\ell\} = \{\beta_1,\dots,\beta_m\}$. The P-edge $\{\beta_1,\dots,\beta_m\} \to \alpha$ is therefore marked, which implies $\alpha = \alpha_x$ by condition (C5a,b).

Case (2): Assume that the new value of $\bar\beta_1 \cup \dots \cup \bar\beta_m$ belonged to $\bar\alpha$ before the last step S was executed. If $\bar\beta_1 \cup \dots \cup \bar\beta_m$ is not modified by step S then $\alpha = \alpha_x$ by induction hypothesis. The only other possibility contradicting our assertion is that some new element t should have been put in some $\bar\beta_i$ by the step S, and that the new value $s = \bar\beta_1 \cup \dots \cup \bar\beta_m$ thereby produced should have been a member of $\bar\alpha$ before the step S. In this case it follows by (C6a) that $s \ne \emptyset$ and that the rank of s is different from $\omega + 1$. Hence, if s was in $\bar\alpha$ even before the Filling Procedure started, it follows by (C6f) that there exists a P-edge $\{\alpha_1,\dots,\alpha_\ell\} \to \alpha$ such that $s \in \mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell)$. Moreover, the same conclusion applies (by definition of the Filling Algorithm) if s was introduced into $\bar\alpha$ by an earlier type (b) step $S_0$. On the other hand if s was introduced into $\bar\alpha$ by an earlier type (a) step $S_0$ relative to a variable z, then $s = \bar\alpha_1 \cup \dots \cup \bar\alpha_\ell$, where $\alpha_1,\dots,\alpha_\ell$ are all the places $\alpha$ such that $\alpha(z) = 1$, so that $s \in \mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell)$ in this case also. Hence in every case we must have $s \in \mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell)$ for some places $\alpha_1,\dots,\alpha_\ell$ (where $\bar\alpha_1,\dots,\bar\alpha_\ell$ are to be understood as the values assumed by the indicated sets at some time before step S was executed). Since $s \subseteq \bar\alpha_1 \cup \dots \cup \bar\alpha_\ell$, it follows that t must

executed, which by (3.5) contradicts the fact that t is introduced for the first time into $\bar\beta_i$ by step S.

This completes the proof of Lemma 3.3.

It is now easy to finish the first part of the proof that conditions (C1)-(C6) are sufficient for satisfiability of the set P of clauses. Plainly, when execution of the Filling Algorithm terminates conditions (C1), (3.4), (3.5) and (3.8i) imply that (3.3) will define a model M of all literals of P except possibly the power set literals of the form $p_j = \mathrm{pow}(q_j)$. To see that these literals are correctly modeled also we argue as follows. By (3.6) we have

(3.10)  $Mp_j = \bigcup_{\alpha(p_j)=1} \bar\alpha \subseteq \mathrm{pow}(\bigcup_{\beta(q_j)=1} \bar\beta)$

for all powerset clauses $p_j = \mathrm{pow}(q_j)$ in P. On the other hand let $s \in \mathrm{pow}(Mq_j)$ (where $0 \le j \le k$). If $s = \emptyset$ then by (C4) we have $s \in \bar\alpha_0 \subseteq Mp_j$. Otherwise, if $s \ne \emptyset$, let $\beta_1,\dots,\beta_m$ be all the places $\beta$ for which $s \cap \bar\beta \ne \emptyset$. Since $s \subseteq Mq_j$, we have $\beta_i(q_j) = 1$, for all i = 1, ..., m by (3.3) and (3.5). Therefore $B = \{\beta_1,\dots,\beta_m\}$ is a P-node. Let $\alpha$ be the principal target of $\{\beta_1,\dots,\beta_m\}$ (the existence of $\alpha$ is assured by condition (C5a); see also note to (C5b)). Consider the last time that a step (b) of the Filling Algorithm is executed relative to the marked P-edge $\{\beta_1,\dots,\beta_m\} \to \alpha$. By the ordering condition (C5c1) no set $\bar\beta_1,\dots,\bar\beta_m$ changes any more after this last assignment, which has the form

$\bar\alpha \leftarrow \bar\alpha \cup [\mathrm{pow}^*(\bar\beta_1,\dots,\bar\beta_m) \setminus \bigcup_{B \to \gamma} \bar\gamma]$.

Moreover, since $s \in \mathrm{pow}^*(\bar\beta_1,\dots,\bar\beta_m)$ the statement $s \in \bigcup_{B \to \gamma} \bar\gamma$ must hold after this assignment is performed. Since $\beta_i(q_j) = 1$ for all $\beta_i \in B$,

target $\gamma$ of B, which implies that $\bigcup_{B \to \gamma} \bar\gamma \subseteq Mp_j$. Thus $s \in Mp_j$, i.e. $Mp_j \supseteq \mathrm{pow}(Mq_j)$ for every j = 0, ..., k, which together with (3.10) shows that $Mp_j = \mathrm{pow}(Mq_j)$, for every j = 0, ..., k.

The argument just given makes it plain that the proof of our main decidability result will be complete as soon as point (C6) above has been treated adequately. We now return to discuss this issue.
4. PROOF OF NECESSITY OF CONDITION (C6).

To prove condition (C6) we use the existence of a model M to instantiate the nondeterministic Initialization Algorithm which appears in this section. In this instantiation, which is shown just below, the notation |s| designates the cardinality of the set s. The algorithm makes use of the sets $\sigma_\alpha$ defined by (2.3).

Instantiated Variant of the Initialization Algorithm

Begin by defining $\bar\alpha$ for every initial place $\alpha$ as in STEP 1 of the Initialization Algorithm described in condition (C6) of the preceding section. Then repeat the following loop:

WHILE there exists at least one place $\alpha$ such that $|\bar\alpha| < p$ and $\bar\alpha \ne \sigma_\alpha$ DO:

IF there is at least one P-node $A = \{\alpha_1,\dots,\alpha_\ell\}$ and P-edge $A \to \alpha$ such that $|\bar\alpha| < p$, $\bar\alpha \ne \sigma_\alpha$, $\bar\alpha_j \ne \emptyset$ for $j = 1,\dots,\ell$, and some $\bar\alpha_j$, $j = 1,\dots,\ell$, satisfies $|\bar\alpha_j| \ge p$, DO:

Step (a): Pick pairwise disjoint sets $t_\alpha \subseteq \mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell) \setminus \bigcup_{A \to \beta} \bar\beta$, one for each $\alpha$ such that $A \to \alpha$, in such a way that
(a1) $|t_\alpha| \ge p$ for every such $\alpha$
(a2) The set $\bar\alpha_1 \cup \dots \cup \bar\alpha_\ell$ must belong to $t_\alpha$, where $\alpha$ is the unique (see (C5a)) principal target of A.
Put $\bar\alpha \leftarrow \bar\alpha \cup t_\alpha$ for each such $\alpha$;
[Comment: We will show below that sets $t_\alpha$ having the stated properties exist whenever Step (a) is executed. Indeed, by clause (4.7) of Lemma 4.1 below, we have $|\mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell) \setminus \bigcup_{A \to \beta} \bar\beta| > p \cdot n$. Therefore, considering that the P-node A can have at most n targets, it follows that the number of elements in $\mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell) \setminus \bigcup_{A \to \beta} \bar\beta$ is large enough to satisfy (a1) above. Condition (4.7) of Lemma 4.1 implies that $\bar\alpha_1 \cup \dots \cup \bar\alpha_\ell \notin \bigcup_{A \to \beta} \bar\beta$, so that the element $\bar\alpha_1 \cup \dots \cup \bar\alpha_\ell$, which clearly belongs to $\mathrm{pow}^*(\bar\alpha_1,\dots,\bar\alpha_\ell)$ can be put in $t_\alpha$, where $\alpha$ is the principal target of A, so that (a2) can also be satisfied.]
ELSE
Step (b). Pick any P-edge $A = \{\alpha_1,\dots,\alpha_\ell\} \to \alpha$ such that $|\bar\alpha| < p$, $\bar\alpha \ne \sigma_\alpha$, and

A.  =  (pow  (a,,...,aj)  \   u    6)  ?t  i?  . 

For  each  3  such  that  A  — >  B,  put  3  -^  B  U  ( A^  n  Og). 
[Comment:   We  will   show   below   that   such  a   P-edge  A  — >  a   can  be 
selected  whenever  this  branch  of   the   IF   is   reached;   this   is 
clause  (4.8)  of  Lemma  4.1.] 
END  IF; 
END  WHILE; 
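The selection made in Step (a) can be carried out mechanically once the sets are finite. The Python below is an added example, not part of the paper: it assumes that pow* of several sets is the family of subsets of their union that meet every one of them (the reading the proofs in this section rely on), and the function names, the place names a1, a2, b, c and the individuals are constructed for illustration.

```python
from itertools import combinations


def canon(x):
    """Sort key giving a fixed order on atoms (str) and nested frozensets."""
    if isinstance(x, frozenset):
        return (1, tuple(sorted(canon(e) for e in x)))
    return (0, x)


def pow_star(sets):
    """Assumed reading of pow*: subsets of the union that meet every argument."""
    universe = sorted(frozenset().union(*sets), key=canon)
    found = set()
    for size in range(1, len(universe) + 1):
        for combo in combinations(universe, size):
            t = frozenset(combo)
            if all(t & s for s in sets):
                found.add(t)
    return found


def smallest_p(n):
    """Least p with 2^(p-1) >= p*n, the requirement placed on p."""
    p = 1
    while 2 ** (p - 1) < p * n:
        p += 1
    return p


def step_a(bar, node, targets, principal, p):
    """One execution of Step (a) for the P-node `node`.

    bar       -- dict: place name -> frozenset (the sets written with a bar)
    node      -- tuple of place names (alpha_1, ..., alpha_l)
    targets   -- place names alpha for which node -> alpha is a P-edge
    principal -- the principal target of the node, one of `targets`
    Returns the updated dict; `bar` itself is left unchanged.
    """
    args = [bar[a] for a in node]
    taken = frozenset().union(*(bar[b] for b in targets))
    pool = pow_star(args) - taken
    union = frozenset().union(*args)
    # Clause (4.7) is what guarantees these facts whenever Step (a) is reached.
    if (principal not in targets or union not in pool
            or len(pool) < p * len(targets)):
        raise ValueError("hypotheses of clause (4.7) do not hold")
    free = iter(sorted(pool - {union}, key=canon))
    new = dict(bar)
    for alpha in targets:
        # (a2): the union of the node's sets goes to the principal target.
        t_alpha = {union} if alpha == principal else set()
        # (a1): every target receives p new elements; drawing them from one
        # iterator keeps the sets t_alpha pairwise disjoint.
        while len(t_alpha) < p:
            t_alpha.add(next(free))
        new[alpha] = bar[alpha] | frozenset(t_alpha)
    return new


def demo():
    """Constructed data: initial places a1, a2 hold p individuals each;
    b and c are the targets of the P-node {a1, a2}, with b principal."""
    n = 4                      # number of places in this toy instance
    p = smallest_p(n)
    bar = {
        "a1": frozenset(f"u{k}" for k in range(p)),
        "a2": frozenset(f"v{k}" for k in range(p)),
        "b": frozenset(),
        "c": frozenset(),
    }
    return p, bar, step_a(bar, ("a1", "a2"), ["b", "c"], "b", p)


if __name__ == "__main__":
    p, bar, new = demo()
    print(p, {name: len(s) for name, s in new.items()})
```

With four places the least admissible p is 6, so pow* of the two initial sets has (2^6 - 1)^2 elements, far more than the p elements per target that the step needs.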

Remark  1 .  Note  that  the  foregoing,  which  assumes  the  existence  of 
a  model,  is  indeed  an  instantiation  of  the  nondeterministic 
Initialization  Algorithm  given  in  Section  3. 

Remark  2.  Observe  that  no  initial  place  is  affected  by  any  step 
of  type  (a)  or  (b). 

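The properties of the above I.V.I.A. (Instantiated Variant of the
Initialization Algorithm) that we need to prove are listed in the
following

Lemma 4.1. The following conditions hold during execution of the
I.V.I.A.

(4.1) Each $\bar\alpha$ is finite and if $\alpha$ is not initial and $t \in \bar\alpha$ then rank$(t)$
is either finite or exceeds $\omega + 1$.

(4.2) $\bar\alpha \cap \bar\beta = \emptyset$ for every $\alpha \ne \beta$.

(4.3) $\bigcup_{\alpha(p_j)=1} \bar\alpha \subseteq \mathrm{pow}\big(\bigcup_{\beta(q_j)=1} \bar\beta\big)$ for every 'powerset' clause of the
form $p_j = \mathrm{pow}(q_j)$.

(4.4) If $s$ is put for the first time into $\bar\alpha$ by a step S of type (a)
or (b), and $s \in t \in \mathrm{pow}^*(\bar\beta_1,\ldots,\bar\beta_m)$, then immediately after
execution of the step S we have $t \notin \bar\gamma$ for every $\gamma \in \Pi$.

(4.5) If $\mathrm{pow}^*(\bar\alpha_1,\ldots,\bar\alpha_\ell) \cap \bar\alpha \ne \emptyset$ then $\{\alpha_1,\ldots,\alpha_\ell\}$ is a P-node and
there exists a P-edge $\{\alpha_1,\ldots,\alpha_\ell\} \to \alpha$.

(4.6) For each place $\alpha$, $|\bar\alpha| < p$ implies $\bar\alpha \subseteq \sigma_\alpha$.

(4.7) If the P-edge $A = \{\alpha_1,\ldots,\alpha_\ell\} \to \alpha$ satisfies $|\bar\alpha| < p$, $\bar\alpha \ne \sigma_\alpha$,
$\bar\alpha_j \ne \emptyset$ for all $j = 1,\ldots,\ell$ and $|\bar\alpha_j| \ge p$ for some $j$, then
$\bar\alpha_1 \cup \ldots \cup \bar\alpha_\ell \notin \bigcup_{A \to \beta} \bar\beta$ and
$$|\mathrm{pow}^*(\bar\alpha_1,\ldots,\bar\alpha_\ell) \setminus \bigcup_{A \to \beta} \bar\beta| \ge p \cdot n.$$

(4.8) If no P-edge $A = \{\alpha_1,\ldots,\alpha_\ell\} \to \alpha$ satisfies all the conditions
$|\bar\alpha| < p$, $\bar\alpha \ne \sigma_\alpha$, $\bar\alpha_j \ne \emptyset$ for all $j = 1,\ldots,\ell$, and $|\bar\alpha_j| \ge p$ for
some $j$, but there exists some place $\gamma$ such that $|\bar\gamma| < p$ & $\bar\gamma \ne \sigma_\gamma$,
then there also exists a P-edge $B = \{\beta_1,\ldots,\beta_m\} \to \beta$ with
$|\bar\beta| < p$ & $\bar\beta \ne \sigma_\beta$ such that
$$\Delta_B = \mathrm{pow}^*(\bar\beta_1,\ldots,\bar\beta_m) \setminus \bigcup_{B \to \delta} \bar\delta \ne \emptyset.$$
Moreover $\Delta_B \subseteq \bigcup_{B \to \delta} \sigma_\delta$ for each such P-edge $B \to \beta$.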

Proof: We proceed by induction on the number of steps (a), (b)
executed. First assume that no step (a) or (b) has been executed but
that the $\bar\alpha$ have been initialized in the manner specified by the algorithm.
It is then immediate that (4.1), (4.2), and (4.6) all hold, while (4.4)
holds vacuously. The remaining points require a bit more discussion.

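Proof that (4.3) holds initially: If $\alpha = \alpha_\emptyset$ then $\bar\alpha = \{\emptyset\} \subseteq \mathrm{pow}(s)$
for every set $s$. Next let $\alpha(p_j) = 1$ and $\alpha \ne \alpha_\emptyset$. Pick some $p \in \sigma_\alpha$ such
that $p \ne \emptyset$, and let $B = \{\beta_1,\ldots,\beta_m\}$ be the set of all $\beta$ such that
$\sigma_\beta \subseteq Mq_j$ and $\sigma_\beta \cap p \ne \emptyset$. Since $\alpha(p_j) = 1$, we have $p \in \sigma_\alpha \subseteq Mp_j =
\mathrm{pow}(Mq_j)$, i.e. $p \subseteq Mq_j$; hence $p = \bigcup_{\beta \in B} (\sigma_\beta \cap p)$. Thus for any other
powerset clause $p_i = \mathrm{pow}(q_i)$ we have

$$\alpha(p_i) = 1 \iff p \in Mp_i \iff p \subseteq Mq_i \iff \sigma_{\beta_j} \cap p \subseteq Mq_i \text{ for all } j = 1,\ldots,m$$
$$\iff \beta_j(q_i) = 1 \text{ for all } j = 1,\ldots,m,$$

proving that $\{\beta_1,\ldots,\beta_m\} \to \alpha$ is a P-edge. Thus $\alpha$ is not initial,
from which it follows that $\bar\alpha = \emptyset$ initially, so again $\bar\alpha \subseteq \mathrm{pow}(s)$ for
every set $s$.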

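Proof that (4.5) holds initially: Suppose that $\mathrm{pow}^*(\bar\alpha_1,\ldots,\bar\alpha_\ell)
\cap \bar\alpha \ne \emptyset$, and let $s \in \mathrm{pow}^*(\bar\alpha_1,\ldots,\bar\alpha_\ell) \cap \bar\alpha$, so that $s \subseteq \bar\alpha_1 \cup \ldots \cup \bar\alpha_\ell$
is nonempty. Plainly this $s$, which belongs to $\bar\alpha$, must be an individual,
but then $s \subseteq \bar\alpha_1 \cup \ldots \cup \bar\alpha_\ell$ implies that the member $\omega$ of $s$ must belong
to some $\bar\alpha_j$, which is impossible by (4.1). Thus (4.5) is satisfied
vacuously.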

Proof that (4.7) holds initially: Let $A = \{\alpha_1,\ldots,\alpha_\ell\} \to \alpha$ be
such that $|\bar\alpha| < p$, $\bar\alpha \ne \sigma_\alpha$, $\bar\alpha_j \ne \emptyset$ for $j = 1,\ldots,\ell$, and for some $\alpha_j$,
$|\bar\alpha_j| \ge p$. Since initially $\bigcup_{A \to \beta} \bar\beta = \emptyset$, it follows that
$\bar\alpha_1 \cup \ldots \cup \bar\alpha_\ell \notin \bigcup_{A \to \beta} \bar\beta$. Moreover since $\bar\alpha_1,\ldots,\bar\alpha_\ell$ are all nonempty,
since some $|\bar\alpha_j| \ge p$, and since $2^p - 1 \ge 2^{p-1} \ge p \cdot n$ by the way we have
chosen $p$ (see the paragraph immediately following the statement of
condition (C6) in the preceding section) we have

$$|\mathrm{pow}^*(\bar\alpha_1,\ldots,\bar\alpha_\ell)| \ge p \cdot n.$$

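Proof that (4.8) holds initially: Assume that no P-edge $A =
\{\alpha_1,\ldots,\alpha_\ell\} \to \alpha$ satisfies all the conditions: $|\bar\alpha| < p$, $\bar\alpha \ne \sigma_\alpha$, $\bar\alpha_j \ne
\emptyset$ for all $j = 1,\ldots,\ell$, and $|\bar\alpha_j| \ge p$ for some $j$, but there exists some
place $\gamma$ such that $|\bar\gamma| < p$ & $\bar\gamma \ne \sigma_\gamma$. Since $\bar\alpha_\emptyset = \sigma_{\alpha_\emptyset}$, and $|\bar\alpha| = p$ for
all other initial places, the last assumption above implies that $\gamma$ is a
non-initial place. Let $t \in \sigma_\beta$ be a set of minimal rank among all sets
$s \in \sigma_\gamma$ with $\gamma$ a non-initial place. Clearly $t \ne \emptyset$ since $\beta \ne \alpha_\emptyset$ because
$\alpha_\emptyset$ is an initial place by (C3). Moreover since $\beta$ is not an initial
place, $\sigma_\beta \subseteq Mp_j$, for some $j \in \{1,\ldots,k\}$. Therefore $t \subseteq Mq_j$. Let
$\{\beta_1,\ldots,\beta_m\}$ be the set of all places $\beta'$ such that $\sigma_{\beta'} \cap t \ne \emptyset$. Clearly
$\beta_i(q_j) = 1$ for all $i = 1,\ldots,m$, and therefore $B = \{\beta_1,\ldots,\beta_m\}$ is a
P-node. It follows by the remark following Lemma 3.2 of the preceding
section that $\{\beta_1,\ldots,\beta_m\} \to \beta$ is a P-edge. By the minimality of rank
of $t$ all places $\beta_i$ are initial, since otherwise there would exist some
$t' \in t \cap \sigma_{\beta_i}$ where $\beta_i$ was non-initial, and then plainly $t'$ would have
lower rank than $t$. Since by our assumption $|\bar\beta_i| < p$ for all $i =
1,\ldots,m$, it follows that $m = 1$ and $\beta_1 = \alpha_\emptyset$. Therefore $\Delta_B =
\mathrm{pow}^*(\bar\beta_1,\ldots,\bar\beta_m) \setminus \bigcup \bar\delta = \mathrm{pow}^*(\bar\alpha_\emptyset) = \{\{\emptyset\}\} \ne \emptyset$, and moreover $\Delta_B =
\mathrm{pow}^*(\bar\alpha_\emptyset) \subseteq \sigma_\beta \subseteq \bigcup_{B \to \delta} \sigma_\delta$, which proves (4.8).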

This completes our first induction step. Next we assume that
(4.1)-(4.8) all hold immediately before a step S of type (a) or (b) is
executed and show that all these statements must still hold after
execution of this step.

Proof of (4.1): All elements initially placed in any set $\bar\alpha$ are
either of finite rank (namely the $\emptyset$ in $\bar\alpha_\emptyset = \{\emptyset\}$) or are individuals of
rank $\omega+1$ and all $\bar\alpha$ are initially finite. If all the elements of a
finite set $s$ are either of finite rank or of rank at least $\omega+1$, then
every subset of $s$, i.e. element of $\mathrm{pow}(s)$, is plainly either of finite
rank or of rank at least $\omega+2$. The set $\mathrm{pow}^*(\bar\alpha_1,\ldots,\bar\alpha_\ell)$ is a subset of
$\mathrm{pow}(\bar\alpha_1 \cup \ldots \cup \bar\alpha_\ell)$, and in all steps S of either kind (a), (b) all
elements added to any set $\bar\alpha$ belong to $\mathrm{pow}^*(\bar\alpha_1,\ldots,\bar\alpha_\ell)$. It follows by
induction that $\bar\alpha$ remains finite after execution of step S, and that if
$\alpha$ is not initial and $t \in \bar\alpha$ then rank$(t)$ is either finite or greater
than $\omega + 1$.

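Proof of (4.2): Let $\alpha \ne \beta$ and let $\bar\alpha'$, $\bar\beta'$ be the new values which
the sets $\bar\alpha$, $\bar\beta$ take on immediately after step S is executed. We
distinguish four cases:

Case (a): If $\bar\alpha' = \bar\alpha$, $\bar\beta' = \bar\beta$ then $\bar\alpha' \cap \bar\beta' = \emptyset$ by induction
hypothesis.

Case (b): If $\bar\alpha' \ne \bar\alpha$, $\bar\beta' \ne \bar\beta$ then $\bar\alpha' = \bar\alpha \cup t_1$, $\bar\beta' = \bar\beta \cup t_2$ where
$t_1 \ne \emptyset$ and $t_2 \ne \emptyset$. If step S is of type (a), then
$t_1, t_2 \subseteq \mathrm{pow}^*(\bar\alpha_1,\ldots,\bar\alpha_\ell) \setminus \bigcup_{A \to \delta} \bar\delta$ for some $A = \{\alpha_1,\ldots,\alpha_\ell\}$ such that $A
\to \alpha$, $A \to \beta$ are P-edges, and $t_1 \cap t_2 = \emptyset$. The same conclusion
follows easily even if step S is of type (b), since in this case
$t_1 \subseteq \sigma_\alpha$, $t_2 \subseteq \sigma_\beta$, and $\sigma_\alpha \cap \sigma_\beta = \emptyset$.

Therefore $(t_1 \cup t_2) \cap (\bar\alpha \cup \bar\beta) = \emptyset$ in all these cases. Since by
induction hypothesis $\bar\alpha \cap \bar\beta = \emptyset$ it is clear that we still have $\bar\alpha' \cap \bar\beta' =
\emptyset$ after step S is executed.

Case (c): If $\bar\alpha' \ne \bar\alpha$, $\bar\beta' = \bar\beta$ then $\bar\alpha' = \bar\alpha \cup t$ for some
$t \subseteq \mathrm{pow}^*(\bar\alpha_1,\ldots,\bar\alpha_\ell) \setminus \bigcup_{A \to \gamma} \bar\gamma$ where $A = \{\alpha_1,\ldots,\alpha_\ell\} \to \alpha$ is a P-edge.
It follows by induction hypotheses (4.2) and (4.5) that $\bar\alpha' \cap \bar\beta' = \emptyset$.

Case (d): The case $\bar\alpha' = \bar\alpha$, $\bar\beta' \ne \bar\beta$ is symmetric to the preceding
case.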

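Proof of (4.3): If no set $\bar\alpha$ for which $\alpha(p_j) = 1$ is modified by
step S then

$$\bigcup_{\alpha(p_j)=1} \bar\alpha' = \bigcup_{\alpha(p_j)=1} \bar\alpha \subseteq \mathrm{pow}\Big(\bigcup_{\beta(q_j)=1} \bar\beta\Big) \subseteq \mathrm{pow}\Big(\bigcup_{\beta(q_j)=1} \bar\beta'\Big),$$

by induction hypothesis, where as before $\bar\alpha'$, $\bar\beta'$ indicate the values
assumed by the sets $\bar\alpha$, $\bar\beta$ immediately after step S is executed. On the
other hand if $\alpha(p_j) = 1$ and $s$ is put into $\bar\alpha$ by step S then
$s \in \mathrm{pow}^*(\bar\alpha_1,\ldots,\bar\alpha_\ell)$ for some P-edge $\{\alpha_1,\ldots,\alpha_\ell\} \to \alpha$ by definition of
the I.V.I.A., irrespective of whether S is of type (a) or (b). But
then $\alpha_1(q_j) = \ldots = \alpha_\ell(q_j) = 1$ by Definition 3.1, which implies
$s \in \mathrm{pow}\big(\bigcup_{\beta(q_j)=1} \bar\beta'\big)$, showing that (4.3) continues to hold immediately
after step S.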

Proof of (4.4): Assume that $s$ is put into $\bar\alpha$ for the first time
during execution of step S and let $t$ be such that
$s \in t \in \mathrm{pow}^*(\bar\beta_1,\ldots,\bar\beta_m)$. If $t \in \bar\gamma$ for some place $\gamma$ then since rank$(t)
\ne \omega+1$ (cf. (4.1)), $\gamma$ is not initial. It follows that $t$ must have been
put into $\bar\gamma$ in some preceding step $S_0$ of type (a) or (b) for some P-edge
$\{\gamma_1,\ldots,\gamma_\ell\} \to \gamma$. Hence $t \in \mathrm{pow}^*(\bar\gamma_1,\ldots,\bar\gamma_\ell)$ which implies that we
must have had $s \in \bar\gamma_j$ for some $j$ immediately prior to the execution of
step $S_0$. But this is impossible by (4.2) since $s$ is an element newly
introduced into the set $\bar\alpha$.
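Proof of (4.5): Assume that $\mathrm{pow}^*(\bar\alpha_1',\ldots,\bar\alpha_\ell') \cap \bar\alpha' \ne \emptyset$ immediately
after step S is executed, where as previously $\bar\alpha_i'$ designates the value
assumed by $\bar\alpha_i$ immediately after step S. If $\mathrm{pow}^*(\bar\alpha_1,\ldots,\bar\alpha_\ell) \cap \bar\alpha \ne \emptyset$
before step S, then by induction hypothesis $\{\alpha_1,\ldots,\alpha_\ell\}$ is a P-node and
there exists a P-edge $\{\alpha_1,\ldots,\alpha_\ell\} \to \alpha$. On the other hand if
$\mathrm{pow}^*(\bar\alpha_1,\ldots,\bar\alpha_\ell) \cap \bar\alpha = \emptyset$ immediately before step S, then S itself must
introduce some new element $t$ into $\mathrm{pow}^*(\bar\alpha_1',\ldots,\bar\alpha_\ell') \cap \bar\alpha'$. If $t
\notin \mathrm{pow}^*(\bar\alpha_1,\ldots,\bar\alpha_\ell)$ before step S is executed, then since
$t \in \mathrm{pow}^*(\bar\alpha_1',\ldots,\bar\alpha_\ell')$ after step S is executed, some new element $s \in t$
must have been introduced into some $\bar\alpha_j$ by step S, giving
$s \in t \in \mathrm{pow}^*(\bar\alpha_1',\ldots,\bar\alpha_\ell')$. Hence it follows by (4.4) that $t \notin \bar\gamma$ for all
places $\gamma$. This contradicts $t \in \bar\alpha'$, thus $t \in \mathrm{pow}^*(\bar\alpha_1,\ldots,\bar\alpha_\ell)$ even
before step S is executed. Therefore $t$ must be introduced into $\bar\alpha$ by
step S, which implies that $t \in \mathrm{pow}^*(\bar\beta_1,\ldots,\bar\beta_m)$ for some $B = \{\beta_1,\ldots,\beta_m\}$
for which there exists a P-edge $B \to \alpha$. It follows by (4.2) and
Lemma 3.2 that $\{\beta_1,\ldots,\beta_m\} = \{\alpha_1,\ldots,\alpha_\ell\}$, which implies that
$\{\alpha_1,\ldots,\alpha_\ell\}$ is a P-node and there exists a P-edge $\{\alpha_1,\ldots,\alpha_\ell\} \to \alpha$.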

Proof of (4.6): Let $|\bar\alpha'| < p$, where as before $\bar\alpha'$ designates the
value of $\bar\alpha$ immediately after execution of step S. If $\bar\alpha' = \bar\alpha$ then
$\bar\alpha' \subseteq \sigma_\alpha$ by induction hypothesis. Otherwise since $|\bar\alpha'| < p$ step S must
be of type (b) and thus $\bar\alpha' = \bar\alpha \cup t$ with $t \subseteq \sigma_\alpha$ by definition of step
(b) of the I.V.I.A. Thus $\bar\alpha' \subseteq \sigma_\alpha$ still holds after step S is
executed.

Proof of (4.7): Let $A = \{\alpha_1,\ldots,\alpha_\ell\} \to \alpha$ be a P-edge satisfying
all the conditions $|\bar\alpha| < p$, $\bar\alpha \ne \sigma_\alpha$, $\bar\alpha_j \ne \emptyset$ for all $j = 1,\ldots,\ell$, and
$|\bar\alpha_j| \ge p$ for some $j$. We distinguish two principal cases.

Case (1): If the P-edge $A \to \alpha$ satisfies the above conditions
immediately before step S is executed then:

Case (1a): Suppose that no $\bar\beta$ for which $\beta$ is a target of $A$ is
modified by step S. In this case it follows by induction that

$$|\mathrm{pow}^*(\bar\alpha_1',\ldots,\bar\alpha_\ell') \setminus \bigcup_{A \to \beta} \bar\beta'| \ge |\mathrm{pow}^*(\bar\alpha_1,\ldots,\bar\alpha_\ell) \setminus \bigcup_{A \to \beta} \bar\beta| \ge p \cdot n$$

(where as above $\bar\alpha_j'$, $\bar\beta'$ indicate the values assumed by the sets $\bar\alpha_j$, $\bar\beta$
immediately after execution of step S). Moreover by induction
hypothesis $\bar\alpha_1 \cup \ldots \cup \bar\alpha_\ell \notin \bigcup_{A \to \beta} \bar\beta' = \bigcup_{A \to \beta} \bar\beta$. If none of the $\bar\alpha_j$ are
modified by step S, then (4.7) follows immediately. On the other hand
if one of the $\bar\alpha_1,\ldots,\bar\alpha_\ell$ is modified by step S then by (4.4) we have
$\bar\alpha_1' \cup \ldots \cup \bar\alpha_\ell' \notin \bigcup_{A \to \beta} \bar\beta'$, so that (4.7) is true in this case also.

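Case (1b): Next suppose that some $\bar\gamma$ for which $\gamma$ is a target of $A$
is modified by step S. We will prove that $(\bar\gamma' \setminus \bar\gamma) \cap \mathrm{pow}^*(\bar\alpha_1',\ldots,\bar\alpha_\ell') =
\emptyset$, where $\bar\gamma'$, $\bar\alpha_1',\ldots,\bar\alpha_\ell'$ are the new values of $\bar\gamma$, $\bar\alpha_1,\ldots,\bar\alpha_\ell$ after
execution of step S. To show this, we proceed by contradiction, and
suppose that there exists some element $z$ such that
$z \in (\bar\gamma' \setminus \bar\gamma) \cap \mathrm{pow}^*(\bar\alpha_1',\ldots,\bar\alpha_\ell')$. Then by definition of the I.V.I.A.,
$z \in \mathrm{pow}^*(\bar\beta_1,\ldots,\bar\beta_m)$ for some P-edge $\{\beta_1,\ldots,\beta_m\} \to \gamma$. Hence by (4.2)
and Lemma 3.2 we have $A = \{\alpha_1,\ldots,\alpha_\ell\} = \{\beta_1,\ldots,\beta_m\}$. It follows by the
principal hypothesis of (4.7) that S must be a step of type (a).
Therefore, after step S, we must have $|\bar\beta| \ge p$ for every target $\beta$ of $A$,
contradicting the existence of a P-edge $A \to \alpha$ satisfying the
condition of step (a), i.e. the principal hypothesis of (4.7). This
shows that if $z \in \bar\gamma' \setminus \bar\gamma$ then $z \notin \mathrm{pow}^*(\bar\alpha_1',\ldots,\bar\alpha_\ell')$, as claimed.
Therefore it follows by induction that
$$|\mathrm{pow}^*(\bar\alpha_1',\ldots,\bar\alpha_\ell') \setminus \bigcup_{A \to \gamma} \bar\gamma'| \ge |\mathrm{pow}^*(\bar\alpha_1,\ldots,\bar\alpha_\ell) \setminus \bigcup_{A \to \gamma} \bar\gamma| \ge$$

Next we must prove that $\bar\alpha_1' \cup \ldots \cup \bar\alpha_\ell' \notin \bigcup_{A \to \beta} \bar\beta'$ holds in case (1b),
which we do as follows. First suppose that $\bar\alpha_1' \cup \ldots \cup \bar\alpha_\ell' =
\bar\alpha_1 \cup \ldots \cup \bar\alpha_\ell$, i.e. that step S modifies no set $\bar\alpha_i$. Then by
induction hypothesis $\bar\alpha_1' \cup \ldots \cup \bar\alpha_\ell' = \bar\alpha_1 \cup \ldots \cup \bar\alpha_\ell \notin \bigcup_{A \to \beta} \bar\beta$.
Therefore if $\bar\alpha_1' \cup \ldots \cup \bar\alpha_\ell' \in \bigcup_{A \to \beta} \bar\beta'$ we must have $\bar\alpha_1' \cup \ldots \cup \bar\alpha_\ell'
\in \bar\beta_0' \setminus \bar\beta_0$ for some target $\beta_0$ of $A$. Since by hypothesis of case (1) all
the conditions $|\bar\alpha| < p$, $\bar\alpha \ne \sigma_\alpha$, $\bar\alpha_j \ne \emptyset$ for all $j = 1,\ldots,\ell$, and $|\bar\alpha_j| \ge
p$ for some $j$, are satisfied by the P-edge $A = \{\alpha_1,\ldots,\alpha_\ell\} \to \alpha$ just
before step S is executed, step S must be of type (a). Moreover since
the P-edge $A \to \alpha$ satisfies the same conditions above after step S is
executed, it follows that step S must be a step of type (a) relative to
a P-node $\{\beta_1,\ldots,\beta_m\} \ne \{\alpha_1,\ldots,\alpha_\ell\}$ having $\beta_0$ as one of its targets.
But then $\bar\alpha_1' \cup \ldots \cup \bar\alpha_\ell' \in \mathrm{pow}^*(\bar\beta_1,\ldots,\bar\beta_m) \cap \mathrm{pow}^*(\bar\alpha_1',\ldots,\bar\alpha_\ell')$ which by
(4.2) and Lemma 3.2 implies $\{\beta_1,\ldots,\beta_m\} = \{\alpha_1,\ldots,\alpha_\ell\}$, a contradiction.
This shows that $\bar\alpha_1' \cup \ldots \cup \bar\alpha_\ell' \notin \bigcup_{A \to \beta} \bar\beta'$ in the case in which step S
modifies no set $\bar\alpha_i$.

The one remaining subcase of principal case (1) is that in which
one of the sets $\bar\alpha_i$ is modified by step S. But in this case it follows
easily by (4.4) that $\bar\alpha_1' \cup \ldots \cup \bar\alpha_\ell' \notin \bigcup_{A \to \beta} \bar\beta'$.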

Having  now  completed  our  analysis  of  principal  case  (1)  of  the 
proof  of  (4.7),  we  turn  immediately  to 

Case (2): Here we suppose that the P-edge $A \to \alpha$ did not satisfy
all the conditions $|\bar\alpha| < p$, $\bar\alpha \ne \sigma_\alpha$, $\bar\alpha_j \ne \emptyset$ for all $j$, and $|\bar\alpha_j| \ge p$ for
some $j$ immediately before step S was executed, even though these
conditions are satisfied immediately after step S is executed. Since
by (4.6) we have $\bar\alpha' \subseteq \sigma_\alpha$ and since $\bar\alpha' \ne \sigma_\alpha$ by hypothesis of (4.7), the
conditions $|\bar\alpha| < p$ and $\bar\alpha \ne \sigma_\alpha$ must have been satisfied before S was
executed. From this it is clear that some new element $z$ must have been
put into some one of the $\bar\alpha_i$ by step S. Moreover there must be some $\alpha_j$
such that $|\bar\alpha_j'| \ge p$. If $i \ne j$ then there clearly exist $2^p - 1$ elements of
$\mathrm{pow}^*(\bar\alpha_1',\ldots,\bar\alpha_\ell')$ having the form $\bar\alpha_1' \cup \ldots \cup \bar\alpha_{j-1}' \cup \bar\alpha_{j+1}' \cup \ldots
\cup \bar\alpha_\ell' \cup s$, where $s \subseteq \bar\alpha_j'$ and $s \ne \emptyset$. Clearly all these sets contain $z$ as
an element, and since $z$ was put into $\bar\alpha_i$ for the first time by step S, it
follows by (4.4) that none of these sets belongs to $\bigcup_{A \to \beta} \bar\beta'$. This
shows that

$$|\mathrm{pow}^*(\bar\alpha_1',\ldots,\bar\alpha_\ell') \setminus \bigcup_{A \to \beta} \bar\beta'| \ge 2^p - 1 \ge 2^{p-1} \ge p \cdot n.$$

Next we show that the same assertion follows even if $i = j$. Indeed, in
this case we can reason in just the same way, except that now the
number of sets of the form $\bar\alpha_1' \cup \ldots \cup \bar\alpha_{i-1}' \cup \bar\alpha_{i+1}' \cup \ldots \cup \bar\alpha_\ell' \cup s$ with
$z \in s \subseteq \bar\alpha_i'$ that do not belong to $\bigcup_{A \to \beta} \bar\beta'$ can only be asserted to be at
least $2^{p-1}$ (however, this is all we need). Finally since
$z \in \bar\alpha_1' \cup \ldots \cup \bar\alpha_\ell'$ and $z$ is newly inserted into $\bar\alpha_i$ by step S we have

$$\bar\alpha_1' \cup \ldots \cup \bar\alpha_\ell' \notin \bigcup_{A \to \beta} \bar\beta'$$

by (4.4), completing the proof of (4.7).

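Proof of (4.8): Assume that no P-edge $\{\alpha_1,\ldots,\alpha_\ell\} \to \alpha$ satisfies
the conditions $|\bar\alpha| < p$, $\bar\alpha \ne \sigma_\alpha$, $\bar\alpha_i \ne \emptyset$ for all $i = 1,\ldots,\ell$, and $|\bar\alpha_i| \ge
p$ for some $i$, but there is some $\alpha$ such that $|\bar\alpha| < p$ & $\bar\alpha \ne \sigma_\alpha$. Let
$t \in \sigma_\beta \setminus \bar\beta$ be a set of minimal rank, among all sets $s \in \sigma_\gamma \setminus \bar\gamma$, $|\bar\gamma| < p$.

CLAIM: $t \in \Delta_B = \mathrm{pow}^*(\bar\beta_1,\ldots,\bar\beta_m) \setminus \bigcup_{B \to \delta} \bar\delta$ for some P-node B =

Indeed, $\beta$ is not initial because $|\bar\beta| < p$ and $\beta \ne \alpha_\emptyset$ since $\bar\alpha_\emptyset = \sigma_{\alpha_\emptyset}
= \{\emptyset\}$. Thus $\beta$ is the target of some edge, and thus it follows from
Definition 3.1 that $\sigma_\beta \subseteq Mp_j$ for some $j$. Let $\beta_1,\ldots,\beta_m$ be all places $\beta'$
such that $\sigma_{\beta'} \cap t \ne \emptyset$. Since $t \subseteq Mq_j$, we have $\beta_i(q_j) = 1$ for all $i =
1,\ldots,m$, which shows that $B = \{\beta_1,\ldots,\beta_m\}$ is a P-node. The Remark
immediately following Lemma 3.2 shows that $\{\beta_1,\ldots,\beta_m\} \to \beta$ is a
P-edge. If $t \cap \bar\beta_i = \emptyset$, then any $t' \in \sigma_{\beta_i} \cap t$ would have rank smaller
than $t$ and would belong to $\sigma_{\beta_i} \setminus \bar\beta_i$; hence the minimality of rank$(t)$
implies that $\bar\beta_i \ne \emptyset$, for all $i = 1,\ldots,m$. Therefore, since no P-edge
$\{\alpha_1,\ldots,\alpha_\ell\} \to \alpha$ satisfies the conditions enumerated above, it follows
that $|\bar\beta_i| < p$ for all $i = 1,\ldots,m$, which by (4.6) implies $\bar\beta_i \subseteq \sigma_{\beta_i}$, $i =
1,\ldots,m$. We noted just above that $t \cap \bar\beta_i \ne \emptyset$ follows from the
minimality of rank$(t)$, so that $t \in \mathrm{pow}^*(\bar\beta_1,\ldots,\bar\beta_m)$.

To prove that $\mathrm{pow}^*(\bar\beta_1,\ldots,\bar\beta_m) \setminus \bigcup_{\{\beta_1,\ldots,\beta_m\} \to \gamma} \bar\gamma \ne \emptyset$, we will
now show that $t \notin \bigcup_{B \to \gamma} \bar\gamma$, where $B = \{\beta_1,\ldots,\beta_m\}$. We proceed by
contradiction, i.e. assume that $t \in \bigcup_{B \to \gamma} \bar\gamma$, and let $\gamma_0$ be the target
of $B$ for which $t \in \bar\gamma_0$. Since $\gamma_0$ is not initial, it follows that $t$
must have been introduced into $\bar\gamma_0$ by some earlier step $S_0$ of type (a)
or (b) relative to a P-node $\{\gamma_1,\ldots,\gamma_r\}$ having $\gamma_0$ as one of its
targets. But then $t \in \mathrm{pow}^*(\bar\beta_1,\ldots,\bar\beta_m) \cap \mathrm{pow}^*(\bar\gamma_1,\ldots,\bar\gamma_r)$, so that by
(4.2) and Lemma 3.2 $\{\gamma_1,\ldots,\gamma_r\} = \{\beta_1,\ldots,\beta_m\}$. Since $|\bar\beta_i| < p$ for all
$i = 1,\ldots,m$, this implies that step $S_0$ must be of type (b). Inspection
of the code of step (b) of the I.V.I.A. shows that since $t \in \sigma_\beta$, the
set $\bar\gamma_0$ into which $S_0$ introduces $t$ must be $\bar\beta$, contradicting the fact
that $t \in \sigma_\beta \setminus \bar\beta$. This contradiction shows that $t \notin \bigcup_{B \to \gamma} \bar\gamma$, verifying
that $\Delta_B = \mathrm{pow}^*(\bar\beta_1,\ldots,\bar\beta_m) \setminus \bigcup_{B \to \gamma} \bar\gamma \ne \emptyset$, as claimed.

It only remains to show that $\Delta_B \subseteq \bigcup_{B \to \gamma} \sigma_\gamma$. To see this, let
$s \in \mathrm{pow}^*(\bar\beta_1,\ldots,\bar\beta_m) \subseteq \mathrm{pow}^*(\sigma_{\beta_1},\ldots,\sigma_{\beta_m})$. Since $\sigma_{\beta_1} \cup \ldots \cup \sigma_{\beta_m} \subseteq Mq_j$,
we have $s \in \mathrm{pow}(Mq_j) = Mp_j$. Let $\gamma$ be the place such that $s \in \sigma_\gamma$.
Then $\mathrm{pow}^*(\sigma_{\beta_1},\ldots,\sigma_{\beta_m}) \cap \sigma_\gamma \ne \emptyset$, from which it follows by the Remark
just after Lemma 3.2 that $\{\beta_1,\ldots,\beta_m\} \to \gamma$ is a P-edge. This proves
that $\Delta_B \subseteq \bigcup_{B \to \gamma} \sigma_\gamma$, completing the proof of property (4.8) and hence
that of Lemma 4.1, Q.E.D.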


To prove that the number of successive steps of the I.V.I.A.
executed before it terminates is at most $n2^n p$, note that in the
I.V.I.A. each set node $B = \{\beta_1,\ldots,\beta_m\}$ is processed at most once by
step (a), since after $B$ has been processed every target $\alpha$ of $B$
satisfies $|\bar\alpha| \ge p$. On the other hand it follows by inspection of
step (b) and from the final conclusion of (4.8) that immediately after
$\{\beta_1,\ldots,\beta_m\}$ is processed by a step S of type (b) we must have
$\mathrm{pow}^*(\bar\beta_1,\ldots,\bar\beta_m) \subseteq \bigcup_{B \to \beta} \bar\beta'$ (where as above symbols $\bar\beta_i$
designate values just before S and $\bar\beta'$ values just after S), so that
step (b) will not again be applied to the P-node $\{\beta_1,\ldots,\beta_m\}$ until some
new element has been added to at least one of the sets $\bar\beta_1,\ldots,\bar\beta_m$. It
follows that by the $(p-1) \cdot m$-th time $\{\beta_1,\ldots,\beta_m\}$ has been processed in step
(b) each $\bar\beta_i$ must have at least $(p-1)$ elements. Thus the P-node
$\{\beta_1,\ldots,\beta_m\}$ can be processed at most $pn$ times by the I.V.I.A. Since
there are no more than $2^n$ set nodes, it follows that the total number
of steps (a), (b) which the I.V.I.A. can execute before halting is
bounded by $pn2^n$.

It is now easy to complete the proof that condition (C6) holds
upon termination of the I.V.I.A. For this, note first of all that
properties (C6b,c,d) are the same as (4.2), (4.3) and (4.5). Because
of (4.1), to prove (C6a) we need only show that upon termination of our
instantiated version of the Initialization Algorithm no set $\bar\alpha$ is empty.
But this is clear since when the computation stops there is no place $\alpha$
such that $|\bar\alpha| < p$ and $\bar\alpha \ne \sigma_\alpha$ and in particular there is no place $\alpha$ such
that $\bar\alpha = \emptyset$. ■

To prove (C6e) we proceed as follows. By (4.1) $\alpha$ is not initial
if $\bar\alpha_1 \cup \ldots \cup \bar\alpha_\ell \in \bar\alpha$, so that in this case $\bar\alpha_1 \cup \ldots \cup \bar\alpha_\ell$ must have been
put into $\bar\alpha$ by some step of type (a) or (b). Thus we must have
$\bar\alpha_1 \cup \ldots \cup \bar\alpha_\ell \in \mathrm{pow}^*(\bar\beta_1,\ldots,\bar\beta_m)$ for some P-edge $B = \{\beta_1,\ldots,\beta_m\} \to \alpha$,
and by Lemma 3.2 and (4.2) this implies $B = \{\alpha_1,\ldots,\alpha_\ell\}$ which shows
that $\{\alpha_1,\ldots,\alpha_\ell\}$ is a P-node. Observe that since $\bar\alpha_1,\ldots,\bar\alpha_\ell$ are the
values which these sets assume at the end of execution of the I.V.I.A.,
the step S which puts $\bar\alpha_1 \cup \ldots \cup \bar\alpha_\ell$ into $\bar\alpha$ is the last step in which
the P-node $B$ is processed by the I.V.I.A. Indeed once P-node $B$ is
processed by a step of type (a) then by (a1) of the I.V.I.A. $|\bar\beta| \ge p$
for every target $\beta$ of $B$, so that $B$ will never be processed any more.
Also by condition (4.8) (see especially its final assertion) a P-node $B
= \{\beta_1,\ldots,\beta_m\}$ can be processed by a step of type (b) only in the case
that either $B$ has never been processed or that some $\bar\beta_i$ has been
enlarged since the last time the P-node $B$ has been processed.

In order to show that the P-edge $\{\alpha_1,\ldots,\alpha_\ell\} \to \alpha$ is marked we
first note that if the step S which puts $\bar\alpha_1 \cup \ldots \cup \bar\alpha_\ell$ into $\bar\alpha$ is of
type (a), it follows at once by (a2) of the I.V.I.A. that the P-edge
$\{\alpha_1,\ldots,\alpha_\ell\} \to \alpha$ is marked. Next consider the other possible case, in
which step S is of type (b), so that by definition (see the text of the
I.V.I.A.) we have $\bar\alpha_1 \cup \ldots \cup \bar\alpha_\ell \in \sigma_\alpha$. As remarked above, the P-node
$\{\alpha_1,\ldots,\alpha_\ell\}$ is processed for the last time by step S. Therefore $|\bar\alpha_i| <
p$ for all $i = 1,\ldots,\ell$, since otherwise $\{\alpha_1,\ldots,\alpha_\ell\}$ would have been
processed by a subsequent step of type (a) before the I.V.I.A.
terminated. Moreover, the I.V.I.A. only terminates when there is no
place $\alpha$ such that $|\bar\alpha| < p$ and $\bar\alpha \ne \sigma_\alpha$, so that by (4.6) on termination
we must have $\bar\alpha_i = \sigma_{\alpha_i}$, $i = 1,\ldots,\ell$. Consequently $\sigma_{\alpha_1} \cup \ldots \cup \sigma_{\alpha_\ell} =
\bar\alpha_1 \cup \ldots \cup \bar\alpha_\ell \in \sigma_\alpha$, which shows that the P-edge $\{\alpha_1,\ldots,\alpha_\ell\} \to \alpha$ is
marked (indeed a P-edge $\{\beta_1,\ldots,\beta_m\} \to \beta$ will be marked if and only if
$\sigma_{\beta_1} \cup \ldots \cup \sigma_{\beta_m} \in \sigma_\beta$; see the proof of Condition (C5)). This completes
the proof of (C6e).

Finally, to prove (C6f), let $s$ be a non-empty set whose rank is
not $\omega+1$ and which is such that $s \in \bar\alpha$ for some place $\alpha$. Then since all
non-empty elements of any initial place have rank $\omega+1$, $\alpha$ is not an
initial place. Therefore $s$ must have been put into $\bar\alpha$ by some step S of
the I.V.I.A. of type (a) or (b). It follows that there exists a
P-edge $\{\alpha_1,\ldots,\alpha_\ell\} \to \alpha$ such that $s \in \mathrm{pow}^*(\bar\alpha_1,\ldots,\bar\alpha_\ell)$, proving (C6f).

This completes the proof that conditions (C1)-(C6) are necessary
for satisfiability of Q, thereby supplying the last
element needed to establish our main result, to wit:

Theorem 4.2. Conditions (C1)-(C6) are necessary and sufficient
for satisfiability of the set P of clauses; hence the satisfiability of
a set of clauses of this form can be decided algorithmically.

Having  now  proved  this  main  result  we  go  on  immediately  to  sharpen 
it  by  showing  that  if  the  clause  set  P  is  satisfiable  it  can  be 
satisfied  by  a  collection  of  sets  whose  maximum  rank  can  be  bounded  in 
terms  of  the  size  of  P. 
5. MODELS OF P OF FINITE AND BOUNDED RANK

As before let P be a conjunction of clauses of types

$x = y \cup z$, $x = y \setminus z$, $x = \emptyset$, $x \in y$, $x \notin y$, $x = \mathrm{pow}(y)$,

and let $y_1,\ldots,y_m$ be the distinct variables occurring in P. Assume that
P  is  satisfiable,  and  let  H,  <  ,  ^  be  respectively  a  set  of  places  of 
P,  an  ordering  of  variables  y ^, . . . ,y^  ,  and  an  ordering  of  places  in  H 
satisfying  all  the  conditions  (Cl-6)  stated  in  Section  3.  We  will  now 
show  that  condition  (C6a)  can  be  restated  in  the  following  sharpened 
form: 

(C6a') Each $\bar\alpha$ is a finite non-empty set and every element of $\bar\alpha$ either
has a finite rank or a rank greater than $\omega$ and less than
$(\omega+1)+\lambda$, where $\lambda = 2^{m+2^{m+1}}$.
Indeed by (C6) the sets $\bar\alpha$ are constructed in at most $n2^n p$ executions of
step 2 of the Initialization Algorithm, where $n$ is the number of places
in $\Pi$ and $p$ is any integer such that $2^{p-1}/n \ge p$, so that in particular
we can take $p = 2^n$. Since a place of P is just a boolean function on
the set $\{y_1,\ldots,y_m\}$, it follows that $n < 2^m$, so that $n2^n p = n2^{2n} <
2^m \cdot 2^{2^{m+1}} = \lambda$, i.e. the number of times that step 2 of the
Initialization Algorithm is executed is bounded by $\lambda$. Moreover, it is
plain that each execution of step 2 can at most augment the rank of a
set $\bar\alpha$ of maximum rank by 1, from which (C6a') follows immediately since
individuals have rank $\omega+1$.

From  this  we  can  easily  set  an  upper  bound  for  the  rank  of  all 
sets  appearing  in  our  final  model  of  the  clauses  P.  Indeed,  since  any 
step  either  of  type  (a)  or  (b)  of  the  Filling  Algorithm  increases   the 
rank  of  the  set  a  of  maximum  rank,  by  at  most  1,  and  since  the  Filling 
Algorithm  executes  at  most  m  +  m2^  steps  (because  exactly  m  steps  of 
type  (a)  are  executed,  and  for  each  step  of  type  (a)  there  are  at  most 
2"  stabilization  substeps  of  type  (b)),  it  follows  easily  that  when  the 
Filling  Algorithm  terminates,  each  set  a  has  rank  at  most  (w+1)  +M, 
where  li 


,,  ,om+l  „  om       9 "1+1 

2m+l+2    ^    Indeed,   m   +  m2"   <   m  +  m2^    <   m2^  "^^   is 


elementary,   and  m2''   ^  £  2^   '^  can  easily  be  proved  by  induction. 

Thus  (oj  +  l)  +  2'""^2™   +  m  +  ra2"  _<  (cj  +  l  )+2' 2'°'^2    =  (u)  +  1 )  +  U   is   an 
upper  bound  for  the  rank  of  any  set  My. 

If  for  any  model  M  of  P  we  call  rank  of  M  the  rank  of  the  set 
Myi    ...   My   ,  then  we  have  proved 

Corollary 5.1. P is satisfiable if and only if it has a model of rank
at most $(\omega+1)+\mu$, where $\mu = 2^{m+1+2^{m+1}}$.

By refining the above argument very slightly it is now easy to
prove that if our set of clauses P is satisfiable, then it has a model
of a finite rank which can be estimated a priori from the size and
structure of P. This statement makes the decidability of P obvious
(though by no means does it point to a feasible method of
computation!). From the theoretical point of view it is interesting to
contrast this statement, which tells us that a mixture of boolean and
powerset clauses must have a finitary model if it has any model at all,
with the observations made in [CFS84] concerning sets of clauses
including union clauses $x = \mathrm{Un}(y)$ (where $\mathrm{Un}(y)$ designates
$\{z : (\exists x)(x \in y \mathbin{\&} z \in x)\}$). As noted in that paper, it is easy to
write clause sets of this latter (still decidable) form which only have
infinite models.

To show that satisfaction of powerset clauses can never require
infinite models, we can simply observe that in the foregoing
construction, individuals have been defined to have rank $\omega+1$ just to
prevent accidental formation of new 'individuals' in consequence of the
execution of a finite number of steps 2 of the Initialization Algorithm
and/or step (a) or (b) of the Filling Algorithm; if this happened,
disjointness would be disrupted. However, we can obtain the same
effect by starting with 'individuals' which are sets of sufficiently
large, but nevertheless finite, rank. Specifically, we can use
'individuals' which are doubleton sets of the form $\{\mu, i\}$ where as above
$\mu = 2^{m+1+2^{m+1}}$ and where $i$ is any integer less than $\mu$. Since this
allows $\mu$ different individuals, all initial places can be initialized
in just the manner previously described, since the Initialization
Algorithm makes use of at most $p \cdot n = 2^n \cdot n \le 2^{m+2^m} < \mu$ different
individuals. Also, since the total number of steps performed by the
Initialization and Filling Algorithms is less than $\mu$, no individual can
ever be constructed starting from the empty set, nor can individuals be
constructed from other individuals, since any set containing an
individual directly or indirectly will have a rank exceeding that of
any individual. Thus our proof of necessity and sufficiency of
condition (C1-6) for satisfiability can proceed exactly as before,
giving

Corollary 5.2. P is satisfiable if and only if it has a model of
rank 2^   ^°  -+1, where m is the number of variables occurring in P.